Top community discussions about Little Flocker

Little Flocker is a utility for keeping your personal data safe from spyware, ransomware, misbehaving applications, and other common threats to your computer’s security, by preventing any application from accessing your files without explicit permission.

What's New in Little Flocker

Version 1.4.7:

Security Improvements: Overcame a prior known limitation of packet capture monitoring to where we can now monitor for device files created outside of /dev (by checking majors); this previously impacted performance, however recent improvements have made this type of monitoring possible.

Added a notification when a software-composed mouse click or keypress is ignored, as thisMore...

Requirements for Little Flocker

OS X 10.11 or later

View Larger

Similar Software

No similar apps have been recommended yet. You can add your suggestions to the right.

App Name

Smile Score

Suggest other similar software

suggested

Like this app? Be the first to add it to a collection!Create a Collection by bringing together complementary apps that have a common theme or purpose, then share it and discover new collections!+Create a Collection

Little Flocker is a utility for keeping your personal data safe from spyware, ransomware, misbehaving applications, and other common threats to your computer’s security, by preventing any application from accessing your files without explicit permission.

Version 1.4.7:

Security Improvements: Overcame a prior known limitation of packet capture monitoring to where we can now monitor for device files created outside of /dev (by checking majors); this previously impacted performance, however recent improvements have made this type of monitoring possible.

Added a notification when a software-composed mouse click or keypress is ignored, as this has been confusing some users. Also informs the user what process is generating the simulated mouse or keyboard events.

Added a hidden setting to disable the User Guide post-install. Read the user guide for more information.

Fixed a bug causing a crash, which caused Little Flocker to stop prompting the user and just deny operations without warning.

Fixed an issue with how the installer was rebuilding the kernel cache; not a necessary upgrade for users already installed

Fixed an installation issue that could, in rare circumstances, cause the prelinked kernel cache to become corrupt.

Added a preference to "Allow Remote Administration", replacing the old instructions to enable ui.prompts.remote; this should be checked to allow prompts to be answered by VNC or screen sharing sessions, or if you're having trouble with certain human interface devices.

Changes to how human interface devices are deteced for better compatibility.

Fixed an issue where Magic Mouse and other certain human interface devices required ui.prompts.remote be set to 2 (disabled) instead of 1 (restricted); now corrected (by allowing the _hidd user to simulate mouse and keyboard events when ui.prompts.remote is set to 1).

Rules maintenance; in particular, fixed a rule that caused an unnecessary prompt on Time Machine and other remotely mounted volumes, and added spindump.

Fixed an issue where "execute" permissions were not written to rules when in simple mode, causing repeat prompts for file execute operations.

New stylish about window

Security: Local Abuse of /tmp Files Can Lead to Arbitrary File Mode Change Severity: Low Description: A user with code execution on the system can abuse the temporary icon file created during an access prompt and change the mode of an arbitrary file to 0755. Impact: Because of the way chmod operations were handled on the temporary file, arbitrary files that would otherwise be readable only by a different user could be altered to have mode 0755, and be readable by other users. Mititation: Use of chmod was changed to fchmod on the file descriptor, which was already using the O_NOFOLLOW flag. As a precaution, the icon file has also been moved to a protected folder Credit: Aaron Sigel

Filtered out "Display Audio" alerts for connected displays.

Changed how ui.prompts.remote works for support of third party drivers and VNC connections; please see the user guide for information.

Rules created within the last 24 hours are now displayed with a pencil icon in the rules editor.

Replaced occurrences of $HOME/ with ~/ in all rules to make it easier to search and use. Note: New rules with home directory prefixes are now also written with ~/ instead of the full path as previous, to make the rules more easily portable. Legacy $HOME still works.

Tweaks to fix support for a wider range of human interface devices. See the documentation for information on enabling HID support to respond to prompts. Also may address potential issues with certain Apple mice.

Default rules have been added for when AVG AntiVirus is present on install

Changed purchase link to https

The "Whitelist Apple applications accessing Time Machine backups" feature has been removed, as it is no longer necessary; recent versions of Little Flocker have been able to display popup prompts above Time Machine, so that the user may selectively grant access permissions to Time Machine volumes.

The first run and access prompts in Little Flocker have been given a translucent window appearance to add a more aesthetically pleasing aroma to Little Flocker. Access prompts now have that "frosted glass" look, or as they call it in Microsoft world, Aero. The rules editor has also been given a similar facelift.

By default, Little Flocker now monitors for calls to task_for_pid, instead of making this an advanced ruleset. Invoking task_for_pid is required in order for tools like debuggers, cycript, substrates, and others in order to take over another process. The user will now receive a prompt that a program is "attempting to take over another process", and can deny the operation. This can prevent malware from malicious dumping memory or injecting code into other programs that may have access privileges with Little Flocker, and so it made sense to make this a default ruleset. This can be changed in preferences.

Little Flocker now monitors for keyboard loggers and mouse sniffers. Notifications are now sent to the user if a process attempts to intercept keyboard or mouse events (such as key loggers / keyboard sniffers, VNC, etc). An ignore option has been provided for common applications, such as VMware, that have legitimate reason to intercept these events. Ignored applications will remain ignored until the system is restarted. Live moniotring of these events an be disabled from the Live Monitoring menu added to the Little Flocker menubar.

Little Flocker now monitors for microphone and webcam activity. Notifications will be sent to the user if the microphone or webcam become active (and inactive); Little Flocker still provides the option to block webcam capabilities altogether for one or all applications. Live monitoring of these events can be disabled from the Live Monitoring menu added to the Little Flocker menubar.

Little Flocker now blocks on attempts to access raw packet devices (/dev/bpf*) to prevent applications from packet sniffing without authorization.

Improved support for sandboxed / translocated apps that include a random string of characters at the end (for example, TextMate_command.P2Oatw); you can now edit the rule to omit the random characters (leaving the dot), and the app will still match the rule from within /private/var/folders; the hash of the program is still enforced, so you'll be prompted again if the program is updated or changed.

A search field has now been added to the rules editor. Redundant rules logic has also been added; redundant rules are now highlighted in orange.

Company

Tools
+

Company
+

MacUpdate.com uses cookies. Some of these cookies are essential, while others improve your experience by providing insights into how MacUpdate is being used. If you’re looking for more info on our cookie usage, explore our Privacy Policy or the privacy settings in your
.

MacUpdate.com uses cookies.

Some of these cookies are essential, while others improve your experience by providing insights into how MacUpdate is being used. If you’re looking for more info on our cookie usage and you like a dry read, explore our
Privacy Policy.

Necessary Cookies

Necessary cookies enable the core functionality of MacUpdate.com. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage.

Google Analytics

YesNo

Hotjar

YesNo

Advertising Cookies

Advertising cookies are used to create a personalized browsing experience for you.